Incidents Pane

ControlUp’s Incidents Pane is a viewer for incidents that were recorded in your organization based on incident triggers. Using this pane you can conduct retrospective investigations on various incidents, such as changes in Stress Level, user activity, Windows Events, and more. Every incident is recorded based on a trigger configured in ControlUp, either manually or with the help of ControlUp Hybrid Cloud Analytics, generates an incident whenever its conditions are met. Regardless of the follow-up actions you may configure (e.g. send an e-mail alert), ControlUp will always record the incident in a database for later retrieval. The Incidents Pane is the place where all incidents can be searched, sorted and grouped for trending analysis and troubleshooting purposes.

A few important clarifications for an easy start with the Incidents Pane:

The Incidents Pane is not available in Offline Mode. Offline users of ControlUp will see the Incidents Pane button as greyed out (this will also happen briefly following Fast Login).

Incident triggers are configured using the Triggers Settings window. That’s the place where you can control which incidents will be recorded by ControlUp.

The Incidents Pane is read-only and intended for viewing the incidents and performing data analysis by filtering, sorting and grouping data.

The default retention period for incidents is 14 days and every organization is limited to 1000 incidents per day by default. Please contact us if you feel like these are not enough for your organization.

Searching and Filtering the Incidents Grid

Here are some ways in which you can use the incidents grid in order to locate interesting data:

The Filter / Search box locates incident records by searching all data fields (try computer names, user names or any other strings that might appear in the incidents, like parts of a Windows Event text).

Each row in this grid can be double-clicked to focus on a specific incident type. You can always come back to the home page by clicking on the Home button or by clicking on Back (<) on the navigation bar.

The time range slider can be adjusted to display events that happened during a specified time range.

Click a folder or a computer in the organization tree to show incidents for that folder or computer.

All of the filtering options above instantly affect the information grid, causing it to recalculate the distributions. If the grid is filtered by any of those methods, the navigation bar will be highlighted in orange until all filters are cleared.

The Incidents Home Page

The Incidents home page is an information grid showing all available incident categories, along with their distribution over time. Its purpose is to provide a summary of incident history in your ControlUp organization. Every row in this grid represents a distinct incident category, like “Computer Stress” or “Windows Event”. Events are separated into these categories because every category has a distinct set of data fields. For example, a “Computer Stress” incident cannot be displayed in the same table as a “Session State Changed” incident since they do not have the same properties.

The Incidents home page includes the following columns:

Graph column – shows the relative distribution of every event type over time, during the retention period (14 days by default). The leftmost bar in each graph represents the number of incidents logged on the first day of this period, and the rightmost bar represents the number of events logged today. By default, the graph is sorted by this column, which makes the most populated incident categories to appear on top.

Incident type – the incident category name.

Last incident on – the time of the last incident recorded in this category

Last hour, Last day, Last X days (14 by default) – a count of incidents within the category for the respective time frame.

In order to research incidents in a particular category, double click that category’s row.

Incidents Category View

After double-clicking any row in the Incidents home page, you arrive at this view, which shows all incidents of the selected type (for example, Computer Stress). Please note that any filters previously applied on the Incidents home page will remain active, as indicated by the orange highlight of the navigation bar.

This view includes the same columns as the Incidents home page. In addition, all data fields of the selected incident type are available for display. To add a column, click on its name in the side bar on the right.

For example, here we’ve added the “Counter” column to the Computer Stress incidents view. Once added, this column is added to the grouping logic of the incidents grid, dividing it into all unique combinations of the selected field values. If you originally had 10 computers in the Computer Stress view, adding the “Stress Level” column will divide every computer row into all existing values of Stress Level column on that computer (to a maximum of 10*4=40 rows, if every computer has triggered all possible stress levels).

Multiple columns can be added using the same method. This is a powerful data mining feature, which enables you to identify the most common factors contributing to incidents in your organization. For instance, in Computer Stress Level events the “Counter” column shows the specific counters responsible for each Stress Level incident. When added to this view together with the “Computer Name” column, the default sorting should highlight the specific resource that causes the most Stress Level events (e.g. Memory Utilization on Server1).

Double-clicking on a row in this table will switch the grid to the Individual Incidents view.

Individual Incidents View

This view’s purpose is to display the separate occurrences of any incident recorded by ControlUp. Unlike the other views in the Incidents Pane, every row in this view is not a summary, but an individual incident.

For every incident, all recorded details are displayed (see column reference below). In addition, this view includes the “Trigger” column which links to the trigger that caused every incident to be recorded, so that you can easily tune the relevant incident triggers. Please note that the trigger causing a particular event may have been deleted since the incident had been recorded. In this case the “Trigger” column will show “<trigger deleted>”.

Incidents Pane Column Reference

Home Page Columns

Column name

Description

Incident type

The incident category, as configured when creating the incident trigger.

Last incident on

The time of the last incident recorded in this category.

Last hour, Last day, Last X days (14 by default)

A count of incidents within the category for the respective time frame.

Incidents Category View Columns

Column name

Description

Incident type

The incident category, as configured when creating the incident trigger. Events are separated into these categories because every category has a distinct set of data fields. For example, a “Computer Stress” incident cannot be displayed in the same table as a “Session State Changed” incident since they do not have the same schema.

Last incident on

The time of the last incident recorded in this category.

Last hour, Last day, Last X days (14 by default)

A count of incidents within the category for the respective time frame.

Columns available in the “Folder Stress” category

Stress Level

The Stress Level severity recorded during the incident

Folder

The name of the folder in your ControlUp organization

Trigger

The name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted.

Counter Name

The ControlUp column responsible for the increase in the computer’s Stress Level

Columns available in the “Hosts Stress” category

Stress Level

The Stress Level severity recorded during the incident

Folder

The name of the folder in your ControlUp organization

Trigger

The name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted.

Counter Name

The ControlUp column responsible for the increase in the computer’s Stress Level

Host Name

The name of the affected virtualization host

Hypervisor Type

The hypervisor platform vendor

Version

The version number of the hypervisor platform

Installed Memory

The amount of physical RAM installed on the host

Columns available in the “Computer Stress” category

Computer

The name of the computer on which the incident has occurred

Folder

The name of the ControlUp organization tree folder in which the computer resides

Trigger name

The name of the trigger that caused the incident to be recorded (links to the trigger’s settings). Could be empty if the trigger has been deleted.

Manufacturer

The hardware manufacturer of the stressed computer

Model

The hardware model of the stressed computer

OS

The operating system of the stressed computer

Service Pack

The OS service pack installed on the stressed computer

Counter

The ControlUp column responsible for the increase in the computer’s Stress Level